A picture is worth a thousand words…

… or maybe a few lines of malicious code?

Yup, it appears that hackers will shortly be able to post pictures on various websites (probably targeting social networking sites) and lure unsuspecting victims to browse a page with the infected picture or GIFAR. This GIFAR (GIF and JAR) will be interpreted by the browser as a normal GIF and displayed but the Java Runtime on the user’s machine will extract and execute it as a JAR file.

At Black Hat, researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack. – SlashDot News